Differential cryptanalysis

About: Differential cryptanalysis is a research topic. Over its lifetime, 2131 publications have been published within this topic, receiving 54681 citations.


Papers
Journal Article
TL;DR: If a key is faulty, for example if just one condition that the keys should satisfy is left unchecked, communications can be decrypted in a ciphertext-only scenario; mathematical proofs are provided that the main historical key classes KT1 and KT2 are secure against such attacks.
Abstract: T-310 is an important Cold War cipher (Schmeh 2006). It was the principal encryption algorithm used to protect various state communication lines in Eastern Germany in the 1980s. The cipher is quite...

15 citations

Book Chapter
10 Dec 2011
TL;DR: In this article, the authors analyzed the PRINTCipher-48 and showed that it is possible to break the full 48-round cipher by assuming a moderate leakage of internal state bits or even just Hamming weights of some three-bit states.
Abstract: In this paper we analyze the recently proposed lightweight block cipher PRINTCipher. Applying algebraic methods and SAT-solving we are able to break 8 rounds of PRINTCipher-48 and 9 rounds under some additional assumptions with only 2 known plaintexts faster than brute force. We show that it is possible to break the full 48-round cipher by assuming a moderate leakage of internal state bits or even just Hamming weights of some three-bit states. Such a simulation side-channel attack has practical complexity.

15 citations

Book Chapter
28 Nov 2012
TL;DR: The current paper studies differential properties of the compression function of reduced-round DM-PRESENT-80, which was proposed at CHES 2008 as a lightweight hash function with 64-bit digests and success lies in the detailed analysis of the data transition, where the internal state and message values are carefully chosen.
Abstract: The current paper studies differential properties of the compression function of reduced-round DM-PRESENT-80, which was proposed at CHES 2008 as a lightweight hash function with 64-bit digests. Our main result is a collision attack on 12 rounds with a complexity of $2^{29.18}$ 12-round DM-PRESENT computations. Then, the attack is extended to an 18-round distinguisher and a 12-round second preimage attack. In our analysis, the differential characteristic is satisfied by the start-from-the-middle approach. Our success lies in the detailed analysis of the data transition, where the internal state and message values are carefully chosen so that a differential characteristic for 5 rounds can be satisfied with complexity 1 on average. In order to reduce the attack complexity, we consider as many techniques as possible: multi-inbound technique, early aborting technique, precomputation of look-up tables, multi-differential characteristics.

15 citations

Journal Article
TL;DR: The differential cryptanalysis method using a bit-oriented mixed integer linear programming (MILP) method to search for the differential characteristics of block ciphers is used to analyse GIFT and improves the GIFT-64 key recovery attack by one round over the previous differential cryptanalysis.
Abstract: GIFT is a lightweight block cipher that was proposed by Banik et al. at CHES 2017, which is said to be a direct improvement over PRESENT since “that provides a much increased efficiency in all domains (smaller and faster)” and improves the security weaknesses of the latter. At Asiacrypt in 2014, Sun et al. introduced a bit-oriented mixed integer linear programming (MILP) method to search for the differential characteristics of block ciphers. In this paper, we use the differential cryptanalysis method based on this automated tool to analyse GIFT. We propose 12-round and 13-round related-key differential characteristics of GIFT-64 and 7-round and 10-round related-key differential characteristics of GIFT-128. By using them as distinguishers, we apply key recovery attacks on the 19-round and 20-round reduced GIFT-64 with data complexities of $2^{47}$ and $2^{56}$ plaintexts, respectively, which means that the data complexities are lower. Furthermore, we improve the GIFT-64 key recovery attack using differential cryptanalysis by one round over the previous differential cryptanalysis.

15 citations

Book Chapter
TL;DR: A cryptanalysis of the new stream cipher A2U2 presented at IEEE RFID 2011 that has a key length of 56 bit is presented and it is concluded that the cipher needs to be repaired and a number of simple measures are pointed out that would prevent the above attacks.
Abstract: In recent years, light-weight cryptography has received a lot of attention. Many primitives suitable for resource-restricted hardware platforms have been proposed. In this paper, we present a cryptanalysis of the new stream cipher A2U2 presented at IEEE RFID 2011 [9] that has a key length of 56 bit. We start by disproving and then repairing an extremely efficient attack presented by Chai et al. [8], showing that A2U2 can be broken in less than a second in the chosen-plaintext case. We then turn our attention to the more challenging known-plaintext case and propose a number of attacks. A guess-and-determine approach combined with algebraic cryptanalysis yields an attack that requires about $2^{49}$ internal guesses. We also show how to determine the 5-bit counter key and how to reconstruct the 56-bit key in about $2^{38}$ steps if the attacker can freely choose the IV. Furthermore, we investigate the possibility of exploiting the knowledge of a "noisy keystream" by solving a Max-PoSSo problem. We conclude that the cipher needs to be repaired and point out a number of simple measures that would prevent the above attacks.

15 citations


Network Information
Related Topics (5)
Cryptography: 37.3K papers, 854.5K citations, 93% related
Encryption: 98.3K papers, 1.4M citations, 90% related
Public-key cryptography: 27.2K papers, 547.7K citations, 89% related
Hash function: 31.5K papers, 538.5K citations, 88% related
Key (cryptography): 60.1K papers, 659.3K citations, 85% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2023    37
2022    71
2021    33
2020    53
2019    42
2018    50